FROM outside Lawrence Livermore National Laboratory, the public sees a site protected by chain link fences and guards at entry gates. But this Department of Energy national laboratory, home to a variety of classified research, requires much higher level security measures. Therefore, it is guarded as well by a sophisticated, computerized security system called Argus. Argus was designed, engineered, and installed at Livermore and is continually being upgraded and enhanced. It is also available to other Department of Energy and Department of Defense facilities.|
Although named for the hundred-eyed monster of Greek myth, Argus security comprises much more than visual capabilities. A highly interconnected network engineered with comprehensive security features, Argus lives up to such stringent security requirements that DOE's Office of Safeguards and Security has cited it as the standard for physical security systems protecting facilities where the consequences of intrusion are significant. In addition to Lawrence Livermore, the Argus system has been installed at three other DOE sites and at one DOD site to protect top-priority assets or nuclear material.
As it monitors and controls entry into the Laboratory's high-security buildings, Argus is simultaneously monitoring the entire site for security threats and can alert and direct security forces to those threats. Argus security is all-encompassing and omnipresent, but it is surprisingly noninvasive. Employees of Lawrence Livermore enter and move about the Laboratory campus with relative ease. Yet, the Laboratory's Top Secret documents, materials, and facilities are thoroughly protected, intruders can be detected in real time, and intrusions and emergencies get instantaneous response from police and investigative personnel. The Laboratory is provided with maximum security 24 hours a day, 7 days a week.
This security results from a software system that comprises some 1.5 million lines of code, offering a wide range of security features. Extensive features are necessary, because Argus must accommodate many different configurations of security rules within one security complex, and sometimes one complex may have multiple geographical locations (for example, Livermore's Argus system controls the main site and the nearby Site 300 high-explosives testing facility). Moreover, Argus must be reconfigurable at any time. Extensive features also translate into flexibility and simplicity for end users. That's important because every authorized person in a high-security site accesses and interfaces with the Argus system. To ensure that designers, operators, and users understand Argus, DOE's Central Training Academy in Albuquerque, New Mexico, has 14 classes available, ranging from one hour to one week, that cover the complete set of Argus features.
While protecting a security complex, Argus also protects itself. A high degree of redundancy has been incorporated to prevent system failure, and tamper-indicating devices and data encryption have been used throughout to protect surveillance equipment and data from intruders and thieves. Insider threats to weaken the system have been addressed with a comprehensive set of system-enforced and procedural measures, including consistency checking, captive accounts, and a rule prohibiting people from working alone.
How Users Work with Argus
In addition to controlling and monitoring the RAP access controls, AFPs also control and monitor the networks of thousands of electronic sensors and other surveillance equipment that comprise the alarm stations of a security complex.|
The AFP determines the status of security in the alarm station by polling its sensors, controls station operating mode (that is, whether the station is open or secured, in maintenance, etc.), and provides entry authorization via the RAP interface. Alarm station caretakers can also use the RAP to modify access lists, change the rules of the alarm station, and authorize maintenance on the station.
Alarm stations are of many types--outdoor perimeter exclusion zones, normal interior rooms, vaults of concrete or steel, or even entire buildings. They can have sensors and surveillance equipment installed on walls, floors, and ceilings. Because as many AFP modules can be installed as necessary to monitor alarm stations, site security is scalable. At the same time, its modularity restricts problems and makes maintenance and diagnostic work easier.
Real-Time Command and Control
Continuing Improvements, Ever More Uses|
The installation of Argus at a major DOE nuclear weapons storage and dismantlement site is nearing completion. There, Argus was modified to accommodate access authorization procedures that require observation of the two-person rule for entry and exit. In addition to RAPs, the entry portals have devices that read stored hand-geometry data, and booths may have special detectors to monitor the transport of sensitive materials. To serve this site and other users, Argus program staff are developing a 24-hour help line.
They are also moving ahead to evolve Argus to the next technological level, with such features as topology-independent network-based sensors and capability to simulate intrusions and attacks. In the first, Argus staff are in the midst of developing a neuron chip that can be embedded into sensors, adding the capability to communicate with sensors instead of merely receiving signals from them. This feature will enhance AFP line supervision of alarm stations, enhance sensor security, and dramatically reduce installation costs. In the second, Argus staff are beginning research and development to endow Argus with simulation capabilities that can be used in conjunction with conflict simulation exercises. Argus console operators will soon be able to detect simulated attacks and send virtual security dispatches to contain and control them. Such simulation would hone a site's emergency response tactics and provide realistic training to console operators.
Key Words: Argus, Argus field processor (AFP), remote access panel (RAP), security technology.
For further information contact Gregory Davis (925) 422-4028 (firstname.lastname@example.org)